When the Intel RNG came out several years ago, built into the bus controller chipset, it was not widely accepted by the cryptographic community due to fears of back doors or internal weaknesses. A generally positive analysis by Cryptographic Research (http://www.cryptography.com/intelRNG.pdf) failed to assuage these concerns.
Looking at the block diagram for the new Toshiba circuit, and comparing with the Intel design, one concern I have is with attacks on the device via external electromagnetic fields which could modulate current flows and potentially influence internal random numbers. Intel attempted to mitigate this attack by using a pair of resistors spaced close together, and taking differentials between them. I don't see any such countermeasures in the (admittedly crude) block diagram in the Toshiba press release. It's important for cryptographic purposes that the RNG not only produce good quality random numbers, but that they cannot be influenced by external processes. One major use case for these devices is inside smart cards and such where it may be important that no one on the outside can know what random numbers are being produced. Including the user of the device within the threat model raises the bar for security of a hardware RNG. Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
